Software as a Service Agreement
This Software as a Service Agreement (the “Agreement”) is between
NetDocuments and the Customer, as outlined on an Order Form referencing
this Agreement.
If Customer’s principal place of business stated above is: (a) in the
North America, Central America, or South America, “NetDocuments” refers to
NetDocuments Software, Inc., a Delaware corporation with offices at 2500
West Executive Parkway, Suite 300, Lehi, Utah 84043; (b) in the United
Kingdom, European Economic Area, Africa, or the Middle East,
“NetDocuments” refers to NetDocuments Limited registered in England and
Wales with registered company number 7509508, with offices at 8th Floor
South Reading Bridge House, George Street, Reading, England RG1 8LS; or
(c) in Australia, New Zealand, or Asia, “NetDocuments” refers to
NetDocuments Australia Pty Limited, with offices at 40 Governor Macquarie
Tower, 1 Farrer Pl, Sydney NSW, Australia.
-
Definitions
-
“Access Software” means any software in
object code form that is supplied by NetDocuments in conjunction
with the Services and that installs and runs on Customer Systems,
for example, ndOffice or mobile applications. NetDocuments’ support
policy for Access Software is posted on the NetDocuments support
site.
-
“Administrative Contacts” means
individuals designated by Customer to receive notices related to
NetDocuments Services, including the operations and functionality
thereof. Administrative Contacts will receive Digital Notice by
email. Notice will also be posted on the NetDocuments support page.
-
“Affiliates” means any entity that
directly or indirectly controls, is controlled by, or is under
common control with, Customer or NetDocuments.
-
“Billing Date” means the date
identified in the Order Form as the date NetDocuments will bill
Customer for the Services.
-
“Confidential Information” of a party
means any information, technical data or trade secrets, relating to:
product plans, Intellectual Property, products, services, customers,
employees, documents, markets, software, developments, inventions,
processes, designs, drawings, engineering, marketing, product
pricing or financial information of the party, but excluding any
information other than Personal Data that: (a) is obtained from a
third-party free of any confidentiality obligation; (b) is in or
enters the public domain without unauthorized disclosure in breach
of this Agreement; (c) was in the Receiving Party’s possession prior
to receiving it from the Disclosing Party; or (d) is developed by
the Receiving Party without reference to the Disclosing Party’s
Confidential Information. Customer’s Confidential Information
includes the terms of this Agreement. NetDocuments’ Confidential
Information includes the terms of this Agreement, all Platform Data,
and all non-public information regarding the Services.
-
“Customer Data” means data residing on
the ND Network that is uploaded or otherwise transmitted by or on
behalf of any Service User, for the period of time such data is
being stored or processed by the Services.
-
“Customer Managed Storage Location”
means a server not hosted by NetDocuments, where Customer can store
Customer Data outside the ND Network including, for example,
ndFlexStore or ndMirror. Customer’s use of Customer Managed Storage
Locations is optional.
-
“Customer Service Account” means the
functionality of the Services that allows Administrative Contacts to
manage Customer’s account. For example, Administrative Contacts can
add Internal Users and External Users, create user groups, and set
user and group permissions through the Customer Service Account.
-
“Data Processing Addendum” means the
document described in Section 6.3.
-
“Digital Notice” means information
provided by NetDocuments on the NetDocuments support webpage.
Customers and Administrative Contacts may register on the support
webpage to receive updates by email. This is not meant to be used
for legal notices under this Agreement.
-
“Documentation” means the official
documentation related to the Services made generally available by
NetDocuments, including instructions and specifications that
describe components, features, requirements, or other aspects of the
Services.
-
“External User” means any person
granted access to the all or part of a Service by an Internal User.
-
“Help Desk Support” means support
provided in connection with the Services by NetDocuments to the
Customer as described in Section 2.6 and Exhibit B.
-
“Intellectual Property” means existing
and future rights and interests (registered or unregistered) applied
for, granted, or otherwise existing anywhere in the world in and to
patents, inventions, trademarks and service marks (including all
goodwill therein), copyrights, copyrightable works, trade names,
domain names, moral rights, trade secrets, know-how, proprietary
information, designs, and all other intellectual, industrial, or
proprietary rights, however arising and whether or not registered or
issued.
-
“Internal Users” are employees or
subcontractors of Customer or a Customer Affiliate given an account
in Customer’s repository by Customer’s administrators. Internal
Users also include accounts created for use by other applications
and integrations (including additional Services or third-party
services that integrate with Services) for ongoing functionality or
access to a Service, but not associated with a specific individual
user. All employees or subcontractors of Customer or a Customer
Affiliate who use the Services must be Internal Users and may not be
External Users.
-
“ND Network” means servers and
infrastructure under the control of NetDocuments and used to host
and operate the Services up to the boundary where such servers and
infrastructure connect to the Internet. The ND Network does not
include any Customer Managed Storage Locations.
-
“Order Form” or
“Order” means the form, regardless of
name, title, format, or media, through and pursuant to which
Customer subscribes to Services. Customer may have more than one
Order Form.
-
“Personal Data” will have the meaning
set forth in the Data Processing Agreement.
-
“Platform Data” means any data or
statistics that are associated or generated in connection with use
of the Services. NetDocuments may use Platform Data to analyze
Customer performance and usage in order to provide or improve the
Services. NetDocuments may use anonymized, aggregated Platform Data
for benchmarking or other internal purposes, including generating
reports regarding Service usage and customer data trends generally.
-
“Professional Services” means any
services provided by NetDocuments and described in a Statement of
Work.
-
“Services” means, as the case may be,
the ND Network cloud-hosted content management software, the Access
Software and any related services provided by NetDocuments, but
excludes Professional Services.
-
“Services Region” means the geographic
location(s) specified in the relevant Order Form in which
NetDocuments hosts the Services to which Customer subscribes.
-
“Service Users” means Internal Users
and External Users.
-
“Statement of Work” means a document
executed by Customer and NetDocuments that refers to this Agreement
and describes Professional Services purchased by Customer and to be
supplied by NetDocuments.
-
“Subscription Fees” means the recurring
fees for the Services specified in the Order Form.
-
“Term” means, collectively, the Initial
Term and any Renewal Term, as defined in the relevant Order Form.
-
“Unauthorized Access” means: (a)
unauthorized access, use, disclosure, alteration to Customer Data
while it is residing on the ND Network by anyone other than a person
using the login credentials of a Service User; or (b) access to
Customer Data by NetDocuments’ personnel other than as permitted by
this Agreement, or volunteered by Customer or a Service User.
-
NetDocuments Services.
-
Use of Access Software, Documentation, and Services.
NetDocuments hereby grants to Customer during the Term a limited,
non-exclusive, non-transferable (except as permitted by Section
12.6), non-sublicensable right for Service Users to (a) access and
use the Services (b) install and run the Access Software; (c) store
and print the Documentation for use with the Services; in each case
solely in accordance with the terms and conditions herein and all
applicable laws, rules, and regulations.
-
Use by Customer Affiliates. Customer may procure Services for
its Affiliates. Customer shall be fully responsible for the use of
and access to the Services or Documentation by its Affiliates and
its Affiliates’ compliance with this Agreement. Customer agrees and
shall ensure that any claim connected with this Agreement will be
asserted only by Customer and not any of its Affiliates; provided,
however, Customer may claim loss or damage incurred by its
Affiliates as if such loss or damage were incurred by Customer.
-
Use of Services by External Users. All employees or
subcontractors of Customer or a Customer Affiliate who use the
Services are and must be treated as Internal Users, not External
Users. Customer may grant External Users access to the Services.
Customer shall be fully responsible for External Users’ use of the
Services or Documentation and their compliance with this Agreement.
-
Services Region. NetDocuments will store Customer Data in the
Services Region specified in the Order Form and will not transfer or
access Customer Data, except at Customer’s or a Service User’s
direction, unless required by Law. For purposes of this Section,
“transfer” shall not include (a) any transfer of or access to
Customer Data on or through the Services in accordance with the
digital instructions of a Services User (for example, using the
sharing facilities of the Services); or (b) use of the Services by
Service Users outside of the Services Region if the Customer
configures the Services to permit or not restrict such use.
-
Security Specifications and Data Processing. NetDocuments
shall implement and maintain appropriate industry standard
administrative, physical, and technical safeguards to protect the
confidentiality and integrity of Customer Data from Unauthorized
Access using measures equal to or better than those of the ND
Network Security document attached hereto as Exhibit B and the Data
Processing Agreement (as applicable).
-
NetDocuments Services and Support Levels. NetDocuments shall
provide Help Desk Support in accordance with the NetDocuments’
Service Levels and Support attached hereto as Exhibit A and the
NetDocuments support policies posted on the NetDocuments support
website.
-
Retirement of Services or Features. NetDocuments will provide
Customer with at least 6 months’ Digital Notice of material changes
to or retirement of Services or features. The NetDocuments Services
may change but its functionality will not materially decrease during
the Term.
-
Restrictions on Customer’s Use.
-
Use Limited to Service Users. The Services and Documentation
may only be accessed by Service Users. Customer and Service Users
must not share login credentials with any other person.
-
Business Purposes. Customer shall use the Services and
Documentation only for its internal business purposes. Customer
shall not transfer, copy, modify, sublicense, distribute, translate,
disassemble, reverse engineer, decompile, frame, mirror, or resell
the NetDocuments Services and Documentation internally or to any
third party or use the NetDocuments Items for any purpose
competitive to NetDocuments, or to interfere with or disrupt the
integrity of the NetDocuments Items.
-
External Users. If any Internal User is required to review
and agree to NetDocuments Terms of Service before accessing the
Services, such NetDocuments Terms of Service are of no effect with
respect to such Internal Users and are superseded by the terms of
this Agreement. If Customer allows External Users to access the
Services, Customer is responsible for ensuring their compliance with
this Agreement and will be responsible for any acts or omissions.
-
Compliance with Laws and Third-Party Rights. Customer shall
not use any NetDocuments Items in any way that breaches the rights
of any third party or violates any applicable law, rule, or
regulation, including export control and data privacy laws.
NetDocuments is not responsible for compliance with any law, rule,
or regulation applicable to Customer, Customer Data, or Customer’s
industry that are not generally applicable to information technology
service providers. Without limiting the foregoing, Customer shall
not use the Services to store or transmit unlawful content, except
as such may be required in its role as a professional service
provider, in which case Customer will ensure that any use of the
Services to store or process such content is appropriate under the
circumstances, lawful, restricted to only necessary Service Users,
and removed at the earliest opportunity.
-
Customer Responsibilities.
-
Customer System Requirements. Customer shall provide,
configure and maintain: (a) all hardware and client-side software
necessary to use the Services and deploy the selected Access
Software; (b) Internet access; (c) software not provided by
NetDocuments that is required to access the Services in addition to
the Access Software (for example, a compatible Internet browser);
and, if applicable, (d) Customer Managed Storage Locations
(collectively “Customer Systems”). Customer is responsible for
ensuring Customer Systems provide sufficient capacity, performance
and connectivity and meet the service levels recommended by
NetDocuments. Customer will maintain appropriate security and
protection of the devices accessing the NetDocuments Service.
-
Help Desk Support. NetDocuments will provide Help Desk
Support as provided in Exhibit A. Help Desk Support may be provided
by NetDocuments’ personnel or subcontractors in regions other than
Customer’s Service Region. Customer is responsible for any and all
Customer Data shared as a result of its initiation of Help Desk
Support and will ensure that Customer Data is shared in conformity
with any Customer or client policies or laws, rules, or regulations
that may apply to Customer Data. NetDocuments will not be liable for
any Customer Data shared by Customer or its Service Users in
violation of any policy or law, rule, or regulation applicable to
Customer Data.
-
Third-Party Applications. NetDocuments enables select third
parties to provide a service or software (“Third-Party
Applications”) that integrates with one or more NetDocuments
Services. NETDOCUMENTS MAKES NO WARRANTIES REGARDING ANY THIRD-PARTY
APPLICATION, EXPRESS OR IMPLIED, INCLUDING ANY WARRANTY THAT ANY
THIRD-PARTY APPLICATION WILL (A) REMAIN AVAILABLE THROUGHOUT THE
TERM; (B) BE ERROR FREE OR RUN UNINTERRUPTED; (C) OFFER ANY
PARTICULAR FEATURES OR PERFORMANCE OR (D) MEET CUSTOMER’S NEEDS. ALL
THIRD-PARTY APPLICATIONS ARE PROVIDED “AS-IS” AND ANY REPRESENTATION
OR WARRANTY OF OR CONCERNING ANY THIRD-PARTY APPLICATION IS STRICTLY
BETWEEN CUSTOMER AND THE THIRD-PARTY OWNER OR DISTRIBUTOR OF THE
THIRD-PARTY APPLICATION. A limited selection of Third-Party
Applications may be offered by NetDocuments as additional Services,
as evidenced by their inclusion on an Order Form or their selection
using the Customer Service Account subject to additional
Subscription Fees. Other Third-Party Applications require a separate
contract (for which NetDocuments will have no responsibility)
between Customer and the third-party supplier.
-
NetDocuments’ Application Programming Interface. The Services
do not include access to NetDocuments’ application programming
interface (“API”). Customer acknowledges and agrees if NetDocuments
grants Customer access to NetDocuments’ API, Customer will be solely
responsible for use of the API in accordance with the terms of this
Agreement and Customer may not share its API access with any third
party. Any access to NetDocuments’ API may be subject to additional
terms and conditions, at NetDocuments’ discretion.
-
Intellectual Property and Related Rights.
-
NetDocuments Intellectual Property. NetDocuments or its
licensors own all right, title, and interest in and to Intellectual
Property in the NetDocuments Items, Platform Data, and other
proprietary rights and interests comprising and used to support and
operate the Services. Customer has no rights in or to such
Intellectual Property except as expressly set forth in this
Agreement. NetDocuments expressly reserves all other rights.
-
Customer Data.
-
NetDocuments disclaims ownership of Intellectual Property rights
in Customer Data. Customer hereby grants NetDocuments a limited,
free of charge, non-exclusive, non-transferable (except in
accordance with Section 12.6), non-sublicensable (except as
necessary to provide Third-Party Applications in accordance with
Section 4.3) license to store, copy, and process Customer Data
in order to provide the Services.
-
NetDocuments shall not use, disclose or access Customer Data
other than (a) to provide the Services and perform the
obligations contemplated in this Agreement (including
Professional Services, if applicable); (b) as required to
facilitate Third-Party Applications in accordance with Section
4.3; (c) as requested or volunteered by Customer or a Service
User in connection with Help Desk Support; or (d) as required to
comply with a legal demand in accordance with Section 6.2.
-
The license and obligations pursuant to this Section 5.2.2 will
survive the termination or expiration of this Agreement until
Customer Data is no longer on the ND Network.
-
Confidential Information.
-
Protection. During the Term each party (“Receiving Party”)
may receive Confidential Information from the other party
(“Disclosing Party”). During the Term and indefinitely thereafter,
as long as the Confidential Information is held, the Receiving Party
shall protect any Confidential Information received from the
Disclosing Party by exercising the same degree of care it uses to
protect its own information of like importance from unauthorized use
or disclosure, but in no event less than a reasonable degree of
care.
-
Permitted Use and Disclosure. Receiving Party may only use
Disclosing Party’s Confidential Information for purposes in
connection with this Agreement or as expressly authorized by this
Agreement. Receiving Party shall not disclose Disclosing Party’s
Confidential Information to any third party, without the prior
written consent of the Disclosing Party, except in the following
circumstances: (a) to its employees or authorized agents or
independent contractors to the extent necessary for them to perform
the Receiving Party’s obligations in this Agreement; (b) in
confidence, to legal counsel, accountants, banks, and financing
sources and their advisors or in connection with an actual or
proposed merger, acquisition, or similar transaction; (c) in
connection with the enforcement of this Agreement; or (d) in order
to comply with Law or a court order (it being understood that such
disclosure may include Customer Data, in the case of NetDocuments)
provided that to the extent legally permissible the Receiving Party
gives the Disclosing Party prior notice of such compelled disclosure
and reasonable assistance, at the Disclosing Party's expense, if the
Disclosing Party seeks to contest such disclosure.
-
Protection of Personal Data. To the extent that NetDocuments
“processes” any “Personal Data (as such is defined in a Data
Processing Agreement, and upon Customer’s request, NetDocuments will
provide its standard Data Processing Agreement that is tailored
specifically to the Services.
-
Term and Termination.
-
Term. The Term of this Agreement will commence on the
Effective Date and will continue until the expiration or termination
of all Order Forms, Statements of Work, and Transition Periods
governed by this Agreement, unless earlier terminated in accordance
with the terms herein. Notwithstanding anything to the contrary,
unless the parties mutually execute a new agreement, if any Order
Form or Statement of Work is executed by the parties, or if
NetDocuments, at Customer’s election, continues to provide Services
or Professional Services to Customer after the expiration or
termination of this Agreement, then this Agreement shall govern all
such Services or Professional Services and shall remain in effect
until all Order Forms, Statements of Work, and Transition Periods
have been completed.
-
Termination for Breach. A party may terminate this Agreement,
any Order Form, or any Statement of Work by giving notice
(specifying the grounds for such notice in reasonable detail) to the
other party, if the other party: (a) materially breaches any
obligations under this Agreement or any Order Form; (b) files a
voluntary petition in bankruptcy or has an involuntary petition in
bankruptcy filed against it; or (c) is declared insolvent, makes an
assignment for the benefit of creditors, appoints or has appointed a
receiver, conservator, or trustee to operate its business, or
liquidates all or substantially all of its business assets, or the
equivalent of any of the foregoing. Termination for breach of a
material obligation under this Section 7.2(a) will take effect: (y)
immediately, if the breach cannot be cured; or (z) on the 31st day
following receipt of notice from the non-breaching party, unless the
breaching party corrects the stated breaches within the first 30
days following receipt of notice. Without limiting the foregoing,
NetDocuments may suspend or limit Customer’s access to the Services,
in whole or in part, in the event of Customer’s breach of this
Agreement, including payment obligations hereunder until such time
as Customer remedies the breach. Except as necessary to mitigate
serious security risks, NetDocuments shall give Customer not less
than 14 days’ notice (in addition to any other notice required by
this Section 7.2) specifically referring to the threat of suspension
and shall provide Customer the opportunity to remedy the breach in
that period before exercising its right to suspend or limit
Services.
-
Transition Period. If NetDocuments or Customer provides
notice of termination of this Agreement, Customer may elect to
continue using the NetDocuments Items for a period of up to 6 months
from the notified end date (the “Transition Period”) provided
Customer: (a) is not in breach of its obligations under this
Agreement on the date of the notice of termination nor thereafter
during the Transition Period; (b) is current on its Subscription Fee
payments under this Agreement, and (c) prepays the Subscription Fee
for the Transition Period within 10 days of its election to
establish a Transition Period. The continuation of the Services
during the Transition Period shall not constitute a waiver by any
non-defaulting party of its claims against a defaulting party
hereunder. If Customer elects the continuation of the Services
pursuant to this Section, the parties agree that their respective
rights and obligations under this Agreement shall continue in force
until the conclusion of the Transition Period.
-
Removal of Customer Data. Customer shall ensure that all
Customer Data is removed from the ND Network before the end of the
Term or any applicable Transition Period. To the extent any Customer
Data remains on the ND Network 30 days after the termination or
expiration of this Agreement (including any applicable Transition
Period) NetDocuments may: (a) delete and permanently destroy all
Customer Data stored on the ND Network; or (b) at Customer’s
request, charge Customer for the continued storage of Customer Data
at a rate equal to the Subscription Fees previously applicable to
the relevant Order Form(s).
-
Cessation of Services. Upon termination or expiration of this
Agreement and the end of any applicable Transition Period,
NetDocuments will discontinue Customer’s access to the Services, and
Customer will immediately delete all copies of the Access Software
from Customer Systems.
-
Australian Protection. This Section 7.6. applies only if
Customer is domiciled in Australia. Despite any other provision to
the contrary in this Agreement, to the extent that section 415D,
434J or 451E of the Australian Corporations Act (each, an “ACA
Section”) applies to any right in this Agreement (“Right”), the
Right must not be enforced to that extent only during the period
prescribed by the ACA Section, any extended period ordered by a
court and at any other time required by the ACA Section (except, for
the avoidance of doubt, to the extent that the ACA Section does not
apply to the Right, contract, agreement or arrangement in this
Agreement including (without limitation) as a result of any court
order, any regulation or declaration that relates to the ACA Section
or any other provision in Chapter 5 of the Corporations Act). This
provision does not affect any other enforcement of the Right or the
enforcement of any other right.
-
Fees and Payment.
-
Disputed Amounts. If Customer disputes any invoice, Customer
shall notify NetDocuments of the disputed portion within 30 days of
the invoice date and pay the undisputed portion as provided in
Section 8.1. The parties will cooperate in good faith to resolve the
dispute promptly.
-
Costs of Collection. In the event Customer fails to pay
NetDocuments any amounts due under this Agreement, Customer will pay
all costs of collection, including reasonable attorney fees and
legal expenses incurred by NetDocuments.
-
Sales, Use, and Other Taxes. Customer shall pay taxes
(including sales or use taxes, value added taxes, and stamp taxes),
fees, tariffs, duties, or other similar levies required by Law,
except taxes based on NetDocuments’ income and employment-related
taxes. Except as expressly and specifically set out in an Order Form
(and subject to instructions in the Order Form relating to the
administration, procedures, and requirement for documentary evidence
as NetDocuments may require to lawfully minimize the withholding and
obtain acknowledgement from any taxing authority for the
withholding) Customer shall (a) pay invoices without withholding for
any taxes or other levies imposed by any taxing authority or (b) pay
amounts in addition to the amounts invoiced so that the net amount
received by NetDocuments, after any tax or levy charged or withheld,
equals the amount invoiced.
-
Fee Escalation. No more than once per annum, NetDocuments may
increase the fees for Services listed on any Order Form by up to CPI
plus 5%.
-
Representations and Warranties.
-
Right to Enter into Agreement. Each party represents that:
(a) it is validly formed and in good standing in the jurisdiction in
which it is formed; (b) it has the legal right and all requisite
power and authority to enter into this Agreement and to execute,
deliver, and perform its obligations under this Agreement; and (c)
the execution, delivery, and performance of this Agreement has been
duly authorized by all necessary organizational action of such
party, and when executed and delivered by both parties, this
Agreement will constitute a legal, valid, and binding obligation of
such party, enforceable against such party in accordance with its
terms and conditions and will not violate or constitute a breach of
any agreement binding upon such party.
-
Additional NetDocuments Warranties. NetDocuments represents
that it has the legal right to provide the Services. NetDocuments
shall perform the Services and the Professional Services using the
care and skill to be expected of a professional and competent
service provider in accordance with good industry practice.
-
Additional Customer Warranties. Customer represents,
warrants, and covenants that it has, and during the Term and any
Transition Period will at all times have, the legal right to
possess, store, and transmit the Customer Data using the Services.
-
No Other or Implied Warranties. EXCEPT AS EXPRESSLY PROVIDED
ELSEWHERE IN THIS AGREEMENT, ALL SERVICES ARE PROVIDED “AS IS” AND
WITHOUT WARRANTY OF ANY KIND. NETDOCUMENTS SPECIFICALLY DISCLAIMS
ALL IMPLIED WARRANTIES, INCLUDING WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE, AND ALL
WARRANTIES ARISING FROM COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
WITHOUT LIMITING THE FOREGOING, NETDOCUMENTS MAKES NO WARRANTY OF
ANY KIND THAT THE SERVICES OR RESULTS OF THE USE THEREOF WILL MEET
CUSTOMER’S OR ANY OTHER PERSON’S REQUIREMENTS, OPERATE WITHOUT
INTERRUPTION, ACHIEVE ANY INTENDED RESULT, BE COMPATIBLE OR WORK
WITH ANY SOFTWARE, SYSTEM, OR OTHER SERVICES. CUSTOMER ACKNOWLEDGES
THE SERVICES MIGHT BE SUBJECT TO OCCASIONAL DELAYS, INTERRUPTIONS,
AND OTHER ISSUES INHERENT TO INTERNET SERVICES, AND THAT THE
SERVICES MAY CONTAIN DEFECTS AND/OR MAY NOT OPERATE UNINTERRUPTED OR
ERROR FREE. EACH PARTY ACKNOWLEDGES AND AGREES THAT IT HAS NOT
ENTERED INTO THIS AGREEMENT ON THE BASIS OF ANY REPRESENTATIONS OR
PROMISES NOT EXPRESSLY SET OUT HEREIN.
-
Limitation of Liability.
-
No Indirect Damages. LIABILITY ARISING UNDER THIS AGREEMENT
SHALL BE LIMITED TO DIRECT DAMAGES. NEITHER PARTY SHALL BE LIABLE TO
THE OTHER PARTY FOR LOSS OF PROFITS, LOSS OF BUSINESS, LOSS OF USE
OR DATA, INTERRUPTION OF BUSINESS, OR FOR INDIRECT, CONSEQUENTIAL,
INCIDENTAL, PUNITIVE, SPECIAL, OR EXEMPLARY DAMAGES, REGARDLESS OF
WHETHER THE PARTY WAS ADVISED OF THE POSSIBILITY OF SUCH LOSSES OR
DAMAGES OR SUCH LOSSES OR DAMAGES WERE OTHERWISE FORESEEABLE, AND
NOTWITHSTANDING THE FAILURE OF ANY AGREED OR OTHER REMEDY OF ITS
ESSENTIAL PURPOSE. FOR INDEMNIFICATION CLAIMS, DAMAGES AWARDED OR
DETERMINED BY EXPRESS AGREEMENT IN A MONETARY SETTLEMENT SHALL
CONSTITUTE DIRECT DAMAGES.
-
Local Echoing and ndMirror. NETDOCUMENTS SHALL NOT BE LIABLE
FOR ANY LOSS, DAMAGES, OR CLAIMS ARISING FROM OR IN CONNECTION WITH
THIS AGREEMENT TO THE EXTENT THAT SUCH LOSS, DAMAGE, OR CLAIM COULD
HAVE BEEN AVOIDED OR REDUCED BY THE USE OF LOCAL ECHOING OR NDMIRROR
(EVEN IF CUSTOMER OPTED NOT TO USE LOCAL ECHOING OR SUBSCRIBE TO
NDMIRROR).
-
Liability Cap. EXCEPT FOR OBLIGATIONS ARISING UNDER SECTION
11 (INDEMNIFICATION), EACH PARTY’S ENTIRE LIABILITY FOR ANY AND ALL
CLAIMS RELATED TO OR ARISING OUT OF THIS AGREEMENT, REGARDLESS OF
WHETHER THE CLAIM FOR SUCH DAMAGES IS BASED IN CONTRACT, TORT, OR
ANOTHER LEGAL OR EQUITABLE THEORY, SHALL NOT EXCEED IN THE AGGREGATE
THE TOTAL AMOUNT OF THE ANNUALIZED SUBSCRIPTION FEE PAID OR PAYABLE
TO NETDOCUMENTS AT THE TIME OF THE EVENT GIVING RISE TO THE CLAIM.
THE FOREGOING LIMITATIONS SHALL APPLY EVEN IF ANY REMEDY FAILS OF
ITS ESSENTIAL PURPOSE. MULTIPLE CLAIMS SHALL NOT EXPAND ANY OF THE
LIMITATIONS SET FORTH IN THIS SECTION 10.
-
Exceptions. Notwithstanding the foregoing, nothing in this
Agreement excludes or limits a party’s liability for (a) death or
personal injury to the extent caused by a party’s negligence; (b)
that party’s fraud or fraudulent statements; or (c) any liability
for which the governing law of this Agreement prohibits the
exclusion or limitation of liability. This Section 10 in no way
limits Customer’s liability for Subscription Fees owed pursuant to
this Agreement.
-
Australian Consumer Law. This Section 10.5. applies only if
Customer is domiciled in Australia. Nothing in this Agreement shall
be read or applied so as to exclude, restrict or modify or have the
effect of excluding, restricting or modifying any condition,
warranty, guarantee, right or remedy implied by the Australian
Consumer Law (“ACL”) and which by law cannot be excluded, restricted
or modified.
-
NetDocuments’ Services come with guarantees that cannot be
excluded under the ACL. For major failures with the Services,
Customer may be entitled:
- to terminate this Agreement with NetDocuments; and
-
to a refund of Subscription Fees for any unused portion of
the Services occurring after the termination, or to
compensation for its reduced value in accordance with
Exhibit B of this Agreement.
Customer is also entitled to be compensated for any other
reasonably foreseeable loss or damage, subject to the limitations
of liability in Sections 10.1. and 10.2. If the failure does not
amount to a major failure Customer is entitled to have problems
with the Services rectified in a reasonable time and, if this is
not done, to terminate this Agreement and obtain a refund of
Subscription Fees for any unused portion of the Services occurring
after the termination.
-
Indemnification.
-
Indemnification by NetDocuments. NetDocuments shall indemnify
and defend Customer and its directors, officers, and employees from
and against losses, damages, judgments, and expenses, including
attorney fees, arising out of a claim, suit, action, or proceeding
brought by a third party to the extent arising from an allegation
that the Services, when used in accordance with this Agreement,
infringe the Intellectual Property rights of any third party.
NetDocuments will not be obligated to indemnify Customer to the
extent that any claim of infringement arises from: (a) the
combination, operation, or use of any Services with equipment,
devices, or software not supplied by NetDocuments, to the extent
such claims could have been avoided if the Services had not been so
combined, operated, or used; (b) Customer’s breach of this Agreement
or Law; and (c) alterations or modifications to the Services which
are not performed by NetDocuments, to the extent such claims could
have been avoided if the Services had not been so altered or
modified.
-
Indemnification by Customer. Customer will indemnify and
defend NetDocuments and its directors, officers, and employees from
and against losses, damages, judgments, and expenses, including
attorney fees, arising out of a claim, suit, action, or proceeding
by a third party to the extent arising from an allegation that: (a)
Customer Data violates Law or the rights of any third party,
including Intellectual Property rights, or (b) that Customer does
not have the legal right to possess Customer Data or transmit it to
NetDocuments or the Services.
-
Indemnification Procedures. Upon an event giving rise to a
claim under this Section 11, the party claiming the right to
indemnification (the “Indemnified Party”) shall:
-
promptly notify the other party (the “Indemnifying Party”) of
any circumstances the Indemnified Party believes may result in a
claim for indemnification (provided that the indemnifying party
shall not be relieved of any indemnification obligations except
to the extent it is materially prejudiced as a result of the
Indemnified Party’s failure to provide prompt notice); and
-
cooperate with and take all reasonable steps requested by the
Indemnifying Party to allow the Indemnifying Party to control
the defense and settlement of claims subject to indemnification
with counsel selected in the Indemnifying Party’s discretion.
The Indemnified Party may participate in the defense with its
own counsel and at its sole cost. The Indemnifying Party shall
not settle a claim that imposes obligations on, or restricts the
operations of, the Indemnified Party without the written consent
of the Indemnified Party, which consent must not be unreasonably
withheld, conditioned, or delayed.
-
General.
-
Export Compliance. Customer acknowledges that NetDocuments’
Service is subject to U.S., foreign, and international export
control, import, and economic sanctions laws and regulations and
agrees to comply with all such applicable laws and regulations,
including, but not limited to, the U.S. Export Administration
Regulations (EAR, 15 C.F.R. Parts 730-774) and regulations
administered by the U.S. Department of the Treasury’s Office of
Foreign Assets Control (OFAC, 31 C.F.R. § 500, et seq.). Customer
hereby agrees that it will not, under any circumstances, engage in
any activities during the course of its engagement with NetDocuments
that could cause NetDocuments to violate any applicable law or
regulation. Customer specifically agrees that it will not, directly
or indirectly, export, reexport, transfer (in-country), sell, lease,
or supply, or allow any other access to or use of the Services to,
in, by, or for any country/region subject to U.S. embargo or
sanctions, any U.S. denied or sanctioned person, or any prohibited
end-use under U.S. law without authorization from the U.S.
government and prior written approval from NetDocuments. Without
limiting the generality of the foregoing, Customer represents and
warrants that neither it nor its employees, board members,
consultants, affiliates, suppliers, or subcontractors are subject to
U.S. sanctions or other export restrictions, including, but not
limited to, being (1) identified on or in the U.S. Department of
Commerce’s Denied Persons List, Unverified List, or Entity List; the
U.S. Department of State’s Non-Proliferation Sanctions
Determinations; or OFAC’s Specially Designated Nationals List,
Foreign Sanctions Evaders List, or Sectoral Sanctions
Identifications List; (2) directly or indirectly 50 percent or more
owned, in the aggregate, by individuals/entities sanctioned by OFAC;
(3) designated or blocked pursuant to sanctions- or export-related
U.S. Executive Orders; (4) located or ordinarily resident in a
country/region subject to U.S. embargo or sanctions; or (5) an
official, employee, agent, or contractor of, or directly or
indirectly acting or purporting to act for or on behalf of, a
government (including any political subdivision, agency, or
instrumentality thereof or any person directly or indirectly owned
or controlled by the foregoing) or political party subject to U.S.
embargo or sanctions or any other entity in an embargoed/sanctioned
country or region or subject to U.S. embargo or sanctions. Customer
is required to immediately notify NetDocuments in writing if there
is any change that impacts the accuracy of any representation or
other information in this clause. Notwithstanding any other
provision in this Agreement, NetDocuments shall have the right to
terminate this Agreement or discontinue performance immediately and
without penalty upon the determination by NetDocuments, in
NetDocuments’s sole discretion, that Customer has breached, intends
to breach, or insists upon breaching any of the provisions in this
clause; or if NetDocuments deems such cessation necessary, in its
sole discretion, to ensure compliance with U.S. law.
-
Common Subcontractors. NetDocuments may subcontract any part
of its obligations under this Agreement that is common to and
subcontracted for other NetDocuments’ customers (such subcontractors
referred to as “Common Subcontractors”). NetDocuments may change or
appoint new Common Subcontractors from time to time during the Term,
and NetDocuments will give Customer Digital Notice of material
changes or additions to Common Subcontractors.
-
Force Majeure. Except for Customer’s payment obligations
hereunder, neither party will be liable for failure or delay to
perform under this Agreement if such failure or delay is caused by
the occurrence of any contingency beyond its reasonable control (a
“Force Majeure Event”), including, but not limited to, widespread
Internet outage, industrial disturbance, denial of service attack,
war, act of terrorism, insurrection, multi-day power outage, acts of
God or acts of civil or military authority. A Force Majeure Event
also includes a temporary suspension of the Services at any time
NetDocuments reasonably believes such suspension is necessary in
response to a perceived threat to the Services, ND Network, or
Customer Data. A party experiencing a Force Majeure Event shall
notify the other party promptly and shall resume performance as soon
as practicable under the circumstances.
-
Relationship of the Parties. The parties are independent
contractors, and neither will at any time be considered, or
represent itself to be, an agent, employee, associate, or joint
venture party of the other.
-
Notices. Any notice under this Agreement given by a party to
the other party will be in writing and will be effective upon
delivery as follows: (a) if to Customer, (i) when delivered via
registered mail, return receipt requested, to the address specified
in an Order Form or otherwise on record for Customer; or (ii) when
sent via email to the email address specified in an Order Form or
otherwise on record for Customer; and (b) if to NetDocuments, when
sent via email to [email protected], with a duplicate copy sent
via registered mail, return receipt requested, to: NetDocuments
Software, Inc., Attn: Legal Department, 2500 West Executive Parkway,
Suite 300, Lehi, Utah 84043.
-
Assignment. Neither party may assign or otherwise transfer
any of its rights or obligations under this Agreement without the
prior written consent of the other party, which must not be
unreasonably withheld, conditioned, or delayed. Notwithstanding the
foregoing, either party may assign its rights and obligations under
this Agreement without prior consent to any successor entity in the
event of such party’s transfer of all or substantially all of its
assets or stock, merger, spin-off, consolidation, reorganization or
other business combination or change of control, so long as the
assigning party provides notice thereof to the other party. Subject
to the foregoing, this Agreement will be binding upon and inure to
the benefit of the parties, their successors, and their permitted
assigns.
-
No Third-Party Beneficiaries. The provisions of the Agreement
are only for reliance upon and the benefit of Customer and
NetDocuments and its licensors and confer no rights or remedies on
any other person or entity.
-
Waiver/Amendment. Neither this Agreement nor any of its
provisions may be waived, amended, or otherwise modified, except by
a written instrument signed by both parties. Except as otherwise set
forth in this Agreement, no failure to exercise, or delay in
exercising, ant right, remedy, power, or privilege arising from this
Agreement will operate or be construed as a waiver thereof; nor
shall any single or partial exercise of any right, remedy, power, or
privilege hereunder preclude any other or further exercise thereof
or the exercise of any other right, remedy, power, or privilege.
-
Announcements of Agreement. NetDocuments shall be permitted
to use Customer’s name or logo to identify the existence of Customer
as a customer of NetDocuments in marketing content or in any media
interview without Customer’s written consent, provided that such
reference to Customer is included with at least several other
similar references and is given no more prominence than such other
references, and subject to compliance with any written branding or
trademark usage guidelines provided to NetDocuments.
-
Counterparts. This Agreement may be executed in any number of
counterparts which may be delivered as a .pdf attached to email or
by digital or electronic signature, and each counterpart so executed
and delivered will be deemed an original, all of which together will
constitute one instrument.
-
Governing Law, Venue, and Jurisdiction. This Agreement shall
be governed by and construed in accordance with the laws as set
forth below, without giving effect to conflict of law or choice of
law principles. Any and all actions, suits or judicial proceedings
upon any claim arising from or relating to this Agreement shall be
instituted and maintained in the city, state, territory, or province
as applicable.
-
if Customer is domiciled in the North America, Central America,
or South America, governing law is the law of the State of Utah;
-
if Customer is domiciled in the United Kingdom, European
Economic Areas, Africa, or the Middle East, governing law is the
law of England and Wales;
-
if Customer is domiciled in Australia, New Zealand, or Asia,
governing law is the law of Australia.
This Agreement
expressly excludes the provisions of the Contracts (Rights of
Third Parties) Act 1999 and any amendment thereto.
-
Dispute Resolution. In the event of a dispute arising out of
or relating to this Agreement, any Order Form, or Statement of Work
the parties agree that they will attempt in good faith, in a timely
manner, and amicably to resolve the dispute informally with
representatives who have authority to settle any such dispute.
-
Equitable Remedies. Customer acknowledges and agrees that a
breach or threatened breach by Customer of any of its obligations
under Section 5 would cause NetDocuments irreparable harm for which
monetary damages would not be an adequate remedy and that, in the
event of such breach or threatened breach, NetDocuments will be
entitled to equitable relief, including a restraining order, and
injunction, specific performance, and any other relief that may be
available from any court, without any requirements to post a bond or
other security, or to prove actual damages or that monetary damages
are not an adequate remedy. Such remedies are not exclusive and are
in addition to all other remedies that may be available at law, in
equity, or otherwise.
-
Severability. If any provision of this Agreement is held to
be unenforceable or invalid by any court of competent jurisdiction,
the validity and enforceability of the remaining provisions of this
Agreement will not be affected and that provision is to be construed
either by modifying it to the minimum extent necessary to make it
enforceable (if permitted by law) or disregarding it (if not).
-
Survival. Any provision of this Agreement that by its nature
extend beyond the expiration or termination of this Agreement,
including accrued rights to payment, use restrictions, indemnity
obligations, confidentiality obligations, warranty disclaimers, and
limitations of liability, will remain in effect until all
obligations are satisfied in accordance with their terms.
-
Services by Third Parties. If Customer engages a person or
entity other than NetDocuments to provide professional or other
services related to the Services or Customer Data including data
conversion, training, installation, application integration,
NetDocuments will have no liability for the acts or omissions of
such person or entity.
-
Entire Agreement; Order of Precedence. This Agreement,
including any Exhibits, constitutes the entire understanding and
agreement of the parties relating its subject matter, and supersedes
all prior agreements and understandings, whether written or oral. In
the event of a conflict between this Agreement and any Exhibit,
Order Form, or Statement of Work then the terms shall control in
accordance with the following order of priority, unless otherwise
stated: first, the terms in the Order Form; second, the terms in an
Exhibit to this Agreement, to the extent conflicting with terms in
the body of this Agreement; third, the terms in the body of this
Agreement; and fourth, the terms in a Statement of Work.
-
Purchase Orders. Any purchase order or other document issued
or delivered to NetDocuments in connection with Customer’s
subscription to the Services is only for Customer’s administrative
purposes. No terms and conditions of any purchase order or other
ordering document will apply to, or be binding upon, NetDocuments.
Preprinted, standard, or posted terms and conditions in any media
(including terms where acquiescence, approval, or agreement requires
a mouse click or an electronic signature) shall not be effective,
incorporated into, nor construed to amend the terms of this
Agreement.
-
Interpretation. For all purposes of this Agreement, except as
otherwise expressly provided: (a) the terms defined herein include
the plural as well as the singular and vice versa; (b) any section
of this Agreement that specifies a restriction or states that a
Customer shall not do something is to be interpreted as an
obligation to prevent Customer’s Affiliates, Service Users, and
third parties under Customer’s control from breaching the same; (c)
any reference to an “Exhibit” or a “Section” refers to an Exhibit,
or a Section, as the case may be, of this Agreement; (d) the
Exhibits hereto form part of this Agreement; (e) all references to
this Agreement and the words “herein”, “hereof”, “hereto” and
“hereunder” and other words of similar import refer to this
Agreement as a whole and not to any particular Exhibit, Section, or
other subdivision; (f) all Section and Exhibit headings are for
convenience only and shall not affect the interpretation or
construction of this Agreement; (g) the words “including,”
“included” and “includes” mean inclusion without limitation do not
limit the generality of the statements they qualify; (h) the word
“or” is not exclusive and shall have the meaning commonly ascribed
to the term “and/or;” and (i) this Agreement has been jointly
negotiated by the parties hereto and their respective legal counsel,
and any legal or equitable principles that might require or permit
the construction of this Agreement or any provision hereof against
the party drafting this Agreement shall not apply in any
construction or interpretation of this Agreement.
Exhibit A—NetDocuments Service Levels and Support
-
Definitions.
-
“Downtime” is any period during which
Customer is unable to access or use a Service as a result of a
Service Outage but excludes periods of Network Maintenance and Force
Majeure Events.
-
“Maintenance Window” means periods of
time when NetDocuments is performing scheduled Network Maintenance.
-
“Network Maintenance” means work on the
ND Network to facilitate ongoing operations, including updates to
the Services. Scheduled Network Maintenance will take place during
Maintenance Windows. Emergency Network Maintenance may take place
any time NetDocuments’ reasonably perceives a threat to the ND
Network or the Services. The Services may not be available during
periods of Network Maintenance.
-
“Services Availability” or
“Uptime” for any 12-month period shall
be the percentage determined by dividing (a) the net of the total
number of minutes per year minus the total number of minutes of
Downtime per year by (b) the total the number of minutes per year.
-
“Services Outage” means a period of
time in which the ND Network is generally inaccessible to customers
due to failures of the ND Network. Network Maintenance, Force
Majeure Events, and failure of Customer Systems, including
connectivity between Customer Systems and the Internet, are not
Service Outages.
-
Services Availability. NetDocuments shall endeavor to
maintain a 99.9% Services Availability per year, subject to Network
Maintenance. NetDocuments will monitor Service Availability and will
make Service Availability metrics available to Customer via the
NetDocuments Trust website or a similar function. If Customer
experiences what it believes is a Service Outage, Customer shall
promptly notify Help Desk Support using the procedures described in
Section 5 of this Exhibit. In the event of a Service Outage,
NetDocuments shall restore the respective Service as soon as practical
under the circumstances. NetDocuments shall use commercially reasonable
efforts to provide Digital Notice of the status of the Service and
correct issues and interruptions to the Services.
-
Maintenance Windows. Except for emergency Network
Maintenance, NetDocuments will use reasonable efforts provide 10 days’
notice of Maintenance Windows. Digital Notice will be provided, and the
date and time of the Maintenance Window will be posted on the
NetDocuments support webpage. Whenever possible, Maintenance Windows
will be outside of business hours in Customer’s Service Region.
-
Credits for Service Outages.
-
Eligibility for Service Credits. To be eligible for Service
Outage Credits (as defined below), Customer must: (a) be in
compliance with its obligations under the Agreement, including
obligations regarding Customer Systems; and (b) log a report through
the NetDocuments support website. The date/time stamp on the logged
report through the NetDocuments support website reporting any
Service Outage will be used as the commencement time for the
calculation of any Service Outage Credits due. NetDocuments will
post on the NetDocuments support website a date/time stamp verifying
the end time of the Service Outage.
-
Service Credits. If Service Outages reported by Customer and
confirmed by NetDocuments during any calendar year during the Term
result in Service Availability of a Service falling below 99.9% on
an annualized basis in such calendar year (the
“Service Credit Threshold”),
NetDocuments shall provide
“Service Outage Credits” as follows
with respect to such Service: All Service Outages incidents logged
by Customer during the calendar year will be totaled at the end of
the calendar year, and if requested by Customer within 30 days
following the respective calendar year, will be evaluated against
the following schedule to determine any Service Outage Credit due.
The Service Outage Credit will be applied to the Customer’s next
installment of its Subscription Fee following the end of the
calendar year. If applicable, any “startup” months prior to the
Billing Date identified in any Order are excluded from the
calculation of any Service Outage Credits. Service Outage Credits
will only be applied against future Subscription Fees. If Customer
terminates the Agreement, any accrued and unapplied Service Outage
Credits are lost. The parties agree that Service Outage Credits are
a fair estimate of the damages that Customer will incur for each
event for which a Service Outage Credit is granted in the Agreement,
that the actual damages incurred by Customer in each such event
would be difficult and costly to determine, and that Service Outage
Credits are liquidated damages awarded in lieu of actual damages
incurred by Customer. Service Outage Credits are the sole and
exclusive remedy of Customer with respect to the incident or event
with respect to which such Service Outage Credits are credited to
Customer by NetDocuments, subject to and as limited by the
provisions of Section 10 of this Agreement. If Customer is domiciled
in Australia, this Section 4.2 shall not limit any remedy available
to Customer under the ACL, if and to the extent the ACL applies.
Cumulative Services Outages Above Service Credit Threshold |
Service Outage Credit (Number of days * annualized subscription
fee for respective Service(s) / 365)
|
1 minute to 120 minutes |
1 day |
121 minutes to 240 minutes |
2 days |
241 minutes to 480 minutes |
4 days |
481 minutes to 960 minutes |
8 days |
961 minutes or more |
16 days |
-
Priority Definitions and Target Responses for Service
Outages.
The Service Outage priority definitions and target responses are as set
forth below. Target response times and target status updates are
provided by Digital Notice. NetDocuments shall cooperate with Customer
to determine the priority level of an event reported by Customer.
Adverse internet issues beyond NetDocuments' control may impact the
stated time frames.
Priority Level |
Scope |
Target Initial Response Time |
Target Status Update Time |
1 |
Any Service Outage |
45 Minutes |
Hourly |
2 |
Any failure of search, write or other material functions of a
Service for general users that do not represent a Service Outage.
|
4 hours, if request is submitted during normal business hours in
Customer’s Service Region, or 16 hours is request is outside
normal business hours
|
Once each business day |
3 |
Any failure of a Service that affects the functionality of the
Service for general users and is not a Priority 1 or Priority 2
request.
|
24 hours, if request is submitted during normal business hours in
Customer’s Service Region, or 48 hours if request is outside
normal business hours
|
As Needed |
-
NetDocuments Help Desk Support. Help Desk Support is
the means by which NetDocuments provides technical advice to Customer by
Customer’s Administrative Contacts or Help Desk Contacts designated by
Customer. Training of Service Users and Services support other than that
listed above is to be provided by Customer’s information technology
staff, and NetDocuments has no obligation or responsibility to provide
Help Desk Support (or any other support) directly to Service Users or
any to provide technical support for software or services not provided
by NetDocuments as part of the Services or with respect to Customer
Systems.
-
Requesting Help Desk Support From NetDocuments. Help Desk
Support is available to Customer’s Administrative Contacts or Help
Desk Contacts 24 hours/day, 7 days/week, 52 weeks/year on an
as-available basis. Customer’s Help Desk Contacts can submit support
requests as follows:
-
Requests through Support System. Requests may be
submitted at
support.netdocuments.com
(or by such other digital means as directed by NetDocuments from
time to time by Digital Notice). Follow-up of a request can be
provided either via phone or digital means at the discretion of
NetDocuments Help Desk Support personnel.
-
Telephone requests Telephone requests shall be to the
telephone number provided on the NetDocuments support
website.
Requests should include the following information:
the name and customer association of the individual submitting
the request, asserted priority level, date and time of the
occurrence, complete description of the issue, including steps
to recreate the problem, the text of any error messages, and
relevant information about the Service User’s environment.
At
the request of Customer, NetDocuments Help Desk Support
personnel may have limited access to Customer Systems or
Customer Data to resolve support issues. Customer agrees it will
use all reasonable efforts to ensure Customer Data it shares
with NetDocuments Help Desk Support personnel does not contain
Personal Data or sensitive information.
Help Desk Support
may be provided by NetDocuments personnel or subcontractors in
regions other than Customer’s Service Region. If Customer’s
policies or applicable law restricts the access to or use of
Customer Data outside of a specific geographic location,
Customer must notify NetDocuments Help Desk Support personnel
prior to sharing any Customer Data.
Exhibit B—NetDocuments Security
NetDocuments employs a comprehensive range of procedures, tools, and
independent services to provide industry-leading security for data stored
in the Services. Below is a summary of NetDocuments’ existing security
features as of the date of this Agreement. NetDocuments will use
reasonable efforts to update its security standards, policies, and
procedures from time to time to keep pace with changes in industry
standards or to comply with legal or regulatory requirements. Accordingly,
NetDocuments reserves the right to make changes to its security measures
or any of the policies or procedures identified herein but will not make
changes that will decrease the overall security of the Services or
Customer Data.
-
Safeguarding Customer Data. NetDocuments will maintain
appropriate administrative, organizational, technical, and physical
safeguards designed to: (a) ensure the security, confidentiality, and
availability of Customer Data, and (b) protect against Unauthorized
Access to Customer Data while it is stored in the Services.
-
Certifications and Standards. NetDocuments will have a
Type 2 SOC 2 audit for security, availability, and privacy undertaken
annually and will maintain its certification to ISO 27001 or a
comparable successor standard. Customer may download NetDocuments’ then
current Due Diligence Response package (“DDR”), which contains
information sufficient for Customer to verify NetDocuments’
certification and audit results, from the NetDocuments Security Center
(available to repository administrators). All of the following controls
are verified in NetDocuments Type 2 SOC 2 audit and ISO 27001
certification report.
-
Security Controls and Audits. NetDocuments has and will
maintain an information security program that includes policies and
procedures regarding physical security, handling of confidential
information, employee background checks, network security,
anti-virus/anti-malware protection, access control management, and
incident response. NetDocuments conducts regular internal control
assessments to validate that controls are designed and operating
effectively. Issues identified from assessments are documented, tracked
and remediated as appropriate.
-
Physical Security of NetDocuments Facilities.
NetDocuments implements appropriate physical security controls,
including physical access controls, at its facilities and requires its
material vendors to implement comparable physical security standards.
Access to NetDocuments facilities is limited to authorized individuals,
validated through photo identification badges, and logged. NetDocuments
removes physical access when access is no longer required and as a
component of the employee termination process.
-
Physical Security of Data Centers. NetDocuments
requires data center vendors to meet industry-standard physical security
controls. NetDocuments conducts internal audits of all data centers
annually, and all data centers are included in the scope of NetDocuments
annual ISO 27001 certification audit.
-
Disaster Recovery and Business Continuity NetDocuments
will have in place at all times during the Term disaster recovery and
business continuity plans to be implemented in the event of a disaster.
NetDocuments will actively review and update the disaster recovery and
business continuity plans on at least an annual basis. NetDocuments’
target recovery point objective is 2 hours and its target recovery time
objective is 6 hours.
-
Human Resource Security. NetDocuments’ employees sign a
confidentiality agreement and acknowledge security policies during the
employee on-boarding process and annually for the term of employment. In
addition, NetDocuments conducts training annually on its security
policies and processes. NetDocuments conducts background verification
and credit checks in accordance with applicable law during the hiring
process and annually for the term of an employee’s employment.
-
ND Network Security. In the course of providing the
Services, NetDocuments shall, at a minimum:
-
cause the ND Network to include a multi-tier server structure
consisting of web servers, directory servers, database servers, and
index servers in which each class of server is highly available
without a single point of failure;
-
deploy within the ND Network a managed firewall and intrusion
detection system that includes monitoring for Unauthorized Access;
-
store Customer Data that has been saved on the ND Network using the
Services (and which has not been subsequently deleted) in highly
available storage located at two or more geographically separate
data centers;
-
provide technology for local echoing on compatible access devices,
subject to proper activation, configuration and management of the
relevant access devices by Customer;
-
connect the ND Network to the Internet with redundant high-capacity
Internet service providers;
-
ensure the data centers that host the ND Network are supported by
backup power generators designed to provide at least 48 hours of
power in case of a major power outage;
-
encrypt Customer Data in transit and at rest using industry-standard
encryption protocols; and
-
employ virus and malware scanning software on all corporate networks
and compensating controls to protect against viruses and malware on
production networks.
-
Access Controls. NetDocuments manages access to
internal networks through Active Directory user groups. NetDocuments
allocates permissions and privileges on a least privilege principle.
NetDocuments assigns network and data access rights based on user groups
and job function. Active Directory requires minimum password parameters
for access to NetDocuments’ internal networks. NetDocuments removes
access to NetDocuments’ networks when access is no longer required and
as a component of the employee termination process.
-
Logging and Monitoring. NetDocuments will employ
logging mechanisms within the Service to permit Customer to review
document-level events and administrative changes for the previous 90
days. Details about the Consolidated Activity Log and Administrative
Activity Log can be found on the NetDocuments support website.
NetDocuments also logs comprehensive information regarding the
functionality of the ND Network. NetDocuments maintains its log
information for at least 1 year.
-
Penetration Testing and Vulnerability Scans
NetDocuments will perform regular penetration tests to be completed by
independent third parties to assess the ND at least twice per 12-month
period. NetDocuments will perform vulnerability scans (internal and
external) of the ND Network to detect vulnerabilities at least once per
month. NetDocuments will remediate critical and high-risk
vulnerabilities promptly.
-
Notification and Remedial Actions. NetDocuments will
continuously monitor the ND Network for Unauthorized Access.
NetDocuments will report any confirmed Unauthorized Access to Customer
without unreasonable delay, not to exceed 24 hours. NetDocuments will
use commercially reasonable efforts to remedy any confirmed Unauthorized
Access promptly, perform a root cause analysis, and develop a future
incident mitigation plan with regard to any Unauthorized Access
affecting Customer Data.
-
Secure Development. NetDocuments’ Software Development
Life Cycle (SDLC) methodology governs the acquisition, development,
implementation, configuration, maintenance, modification, and management
of software components. NetDocuments developers use secure coding
guidelines based on leading industry standards and receive annual secure
coding training. For each release, NetDocuments performs a security
architecture review and conducts vulnerability scans and dynamic and
static code reviews in the development environment. Identified
vulnerabilities and coding defects are resolved prior to implementation,
and an internal rollout is performed to test and troubleshoot the
product release prior to placing it in production. NetDocuments utilizes
a code versioning control system to maintain the integrity and security
of application source code. Access privileges to the source code
repository are reviewed quarterly and limited to authorized employees.
-
Change Management. NetDocuments follows documented
change management policies and procedures for requesting, testing, and
approving application, infrastructure, and Service-related changes.
Dedicated environments separate from production exist for development
and testing activities. Logical access controls requiring two-factor
authentication secure these separate environments. Only authorized
individuals can move code into production.
-
Assistance with Compliance Requests. NetDocuments will
provide Customer reasonable assistance in responding to Customer’s
clients’ requests for information about NetDocuments’ security policies
and procedures applicable to Customer Data, subject to reasonable
confidentiality measures required by NetDocuments and Customer’s payment
of NetDocuments' then-current fees for customer audit support requests.